Using Verify Privilege Manager Mobile App with Hybrid SSO Logins

When Azure AD is deployed in a hybrid configuration with federation established to Okta for SSO logins, sign-in from the Verify Privilege Manager mobile application fails with the error message "Could not connect to management server". In this situation, a dedicated user account needs to be set up that bypasses the Okta federation to log in.

To bypass Okta federation with Office 365 in the above configuration, complete the following steps:

  1. Create an on-premises user in Active Directory.

  2. Sync the user to Azure AD, either manually or by waiting until an automatic sync occurs.

  3. Locate the user in Azure AD and click Edit Properties.

  4. Under properties, locate the User principal name field and select a UPN domain from the drop-down that is not federated to Okta, for example the tenant's .onmicrosoft.com domain. Azure AD decides per domain suffix whether to redirect a sign-in to the federation provider, so a UPN on a managed (non-federated) domain is authenticated by Azure AD directly, which is what the mobile application needs.

  5. After changing the UPN, reset the password for the login account. An administrator can do this from the Azure portal to obtain a temporary password for the user.

  6. Ensure that Azure AD is enabled as an authentication source in Verify Privilege Manager, in Admin | Configuration | Foreign Systems.

  7. Ensure that any roles the user will be added to have visibility into the approval queues that are shown in the application.

    Automation Approval tasks are defined in Admin | Tasks | Automation.

  8. Add the user to the desired role directly.

    Do not add the user under Admin | Users, as it will not be recognized.


  9. You can now log in to the mobile application (Thycotic ACS) with this user, provided all other configuration items have been completed.

It may also be necessary to set Local Authentication on the service bus to Enabled.
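The following script is an added example, not part of the original documentation or of the Verify Privilege Manager product, showing how steps 3 to 5 above can be performed and, more importantly, checked from PowerShell with the Microsoft Graph PowerShell SDK. It verifies the precondition the procedure relies on, namely that the target UPN suffix is a Managed domain rather than a Federated one, before touching the account. The module, the scopes and the role requirements are those of Microsoft Graph; the user name, the domain names and the helper function name are placeholders chosen for the example.

```powershell
# Added example (not from the original page): move a synced user's UPN onto a
# non-federated suffix and reset the password, verifying each precondition.
# Assumes the Microsoft.Graph PowerShell SDK is installed and the caller holds a
# directory role that may update users and reset passwords (a Graph scope alone
# is not sufficient for privileged targets). All names below are placeholders.
param(
    [Parameter(Mandatory)] [string] $CurrentUpn,   # e.g. approver@corp.example.com (federated to Okta)
    [Parameter(Mandatory)] [string] $TargetDomain  # e.g. contoso.onmicrosoft.com (managed)
)

function New-TemporaryPassword {
    # 64-character alphabet: 256 % 64 == 0, so byte % 64 introduces no modulo bias.
    param([int] $Length = 20)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    $rng.GetBytes($bytes)
    -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
}

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Domain.Read.All' -NoWelcome

# Precondition: the new suffix must be a verified, Managed domain. A Federated
# suffix would still send the mobile app's sign-in to Okta and reproduce the error.
$domain = Get-MgDomain -DomainId $TargetDomain -ErrorAction Stop
if (-not $domain.IsVerified) {
    throw "Domain $TargetDomain is not verified in this tenant."
}
if ($domain.AuthenticationType -ne 'Managed') {
    throw "Domain $TargetDomain is '$($domain.AuthenticationType)', not Managed; sign-ins would still be redirected to the federation provider."
}

# Step 3: locate the user that was synced from on-premises AD.
$user = Get-MgUser -UserId $CurrentUpn -Property Id, UserPrincipalName, OnPremisesSyncEnabled -ErrorAction Stop
if (-not $user.OnPremisesSyncEnabled) {
    Write-Warning "$CurrentUpn is not flagged as synced from on-premises; check that step 2 completed."
}

# Step 4: keep the local part, replace only the suffix.
$localPart = $CurrentUpn.Split('@')[0]
$newUpn    = "$localPart@$TargetDomain"
Update-MgUser -UserId $user.Id -UserPrincipalName $newUpn -ErrorAction Stop

# Step 5: set a temporary password that must be changed at first sign-in.
# Caveat (assumption, not from the page): for a synced user, a cloud-side reset
# is rejected in tenants without password writeback; reset on-premises instead
# if this call fails.
$tempPassword = New-TemporaryPassword
Update-MgUser -UserId $user.Id -PasswordProfile @{
    Password                      = $tempPassword
    ForceChangePasswordNextSignIn = $true
} -ErrorAction Stop

# Read back and confirm the suffix actually changed.
$after = Get-MgUser -UserId $user.Id -Property UserPrincipalName
if ($after.UserPrincipalName -ne $newUpn) {
    throw "UPN is '$($after.UserPrincipalName)', expected '$newUpn'."
}

[pscustomobject]@{
    OldUpn            = $CurrentUpn
    NewUpn            = $newUpn
    TemporaryPassword = $tempPassword   # hand over out of band, then discard
}
```

Run it as `.\Move-BypassUser.ps1 -CurrentUpn approver@corp.example.com -TargetDomain contoso.onmicrosoft.com` (file name is the example's own). The domain check is the part worth keeping even if the rest is done in the portal: `Get-MgDomain | Select-Object Id, AuthenticationType` lists every suffix in the tenant with its authentication type, so you can see which suffixes are federated to Okta and which one Azure AD will authenticate itself. After the next directory sync, confirm the UPN has not been reverted by the on-premises value.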